
CCIE - Internetwork Expert's Online Community

Latest post 11-23-2008 3:49 PM by bkvalentine. 2 replies.
  • 11-06-2008 10:02 PM

    Task 9.1 - Traffic Filtering

    - 51.3.0.1

    - 51.5.0.1

    - 51.7.0.1

    - 51.3.0.9

    - 51.5.0.9

    - 51.7.0.9

     

    SG using

    access-list 1 deny 51.3.0.1 0.0.0.8

    access-list 1 deny 51.5.0.1 0.2.0.8

     

    I did some calculations on the wildcard masks. Is the following ACL feasible using a one-liner?

    access-list 1 deny 51.3.0.1 0.6.0.8

  • 11-18-2008 11:58 AM In reply to

    • ciberkot

    Re: Task 9.1 - Traffic Filtering

    nitrodrops:

     

    access-list 1 deny 51.3.0.1 0.6.0.8

    it would match 51.1.0.1 host as well

     

  • 11-23-2008 3:49 PM In reply to

    Re: Task 9.1 - Traffic Filtering

    ciberkot:

    nitrodrops:

    access-list 1 deny 51.3.0.1 0.6.0.8

    it would match 51.1.0.1 host as well

    It would also overlap 51.1.0.9, I believe - but worse than that, the implicit deny any at the end would cause it to block all IP traffic.

    I also had a three line ACL, but a little different than the SG:

    access-list 91 permit 51.1.0.1 0.0.0.8
    access-list 91 deny   51.1.0.1 0.6.0.8
    access-list 91 permit any

    Mine is a little more confusing than the SG, but it would work too, I think.

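The wildcard masks discussed in this thread can be checked mechanically. The following Python is an added example, not code from any of the posters: it expands each entry into the hosts it matches and evaluates an ACL top-down with the implicit deny. The function names are this example's own, and the ACL entries are the ones quoted in the posts above.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(ip, addr, wildcard):
    """True when ip equals addr on every bit the wildcard mask leaves at 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) ^ to_int(addr)) & care == 0

def expand(addr, wildcard):
    """List every address an entry matches, in ascending order.
    Only sensible for sparse masks like the ones in this thread."""
    wc = to_int(wildcard)
    base = to_int(addr) & ~wc & 0xFFFFFFFF   # bits under the wildcard are ignored
    out, sub = [], 0
    while True:
        out.append(str(ipaddress.IPv4Address(base | sub)))
        sub = (sub - wc) & wc                # next subset of the wildcard bits
        if sub == 0:
            return out

def evaluate(acl, ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, addr, wildcard in acl:
        if matches(ip, addr, wildcard):
            return action
    return "deny"

# Hosts the task asks to filter (from the first post).
TARGETS = ["51.3.0.1", "51.5.0.1", "51.7.0.1", "51.3.0.9", "51.5.0.9", "51.7.0.9"]

# The proposed one-liner, and the three-line ACL from the last post.
ONE_LINER = [("deny", "51.3.0.1", "0.6.0.8")]
THREE_LINE = [
    ("permit", "51.1.0.1", "0.0.0.8"),
    ("deny", "51.1.0.1", "0.6.0.8"),
    ("permit", "0.0.0.0", "255.255.255.255"),   # "permit any"
]

def overmatch(addr, wildcard, targets):
    """Hosts an entry matches that are not in the intended target list."""
    return sorted(set(expand(addr, wildcard)) - set(targets), key=to_int)

if __name__ == "__main__":
    print("one-liner matches:", expand("51.3.0.1", "0.6.0.8"))
    print("unintended:", overmatch("51.3.0.1", "0.6.0.8", TARGETS))
    for host in TARGETS + ["51.1.0.1", "51.1.0.9", "10.0.0.1"]:
        print(host, evaluate(ONE_LINER, host), evaluate(THREE_LINE, host))
```

Running it shows the one-liner covering eight hosts instead of six, and the leading permit in the three-line ACL carving the two extra hosts back out before the wider deny.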